Re: How to configure Domain access permissions for a user that would vary based on the computer they log into?
- From: "Steven L Umbach" <n9rou@xxxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Wed, 21 Jun 2006 13:36:12 -0500
You would have to configure access at the computer level and that could be
done in a couple of ways. If you could enable the Windows Firewall on the
servers with the shares you could specify the exception for file and print
sharing and then the IP addresses that are allowed access to file and print
sharing. For that to work well you would want to make sure that the user are
not local administrators on their computers and that the IPs in the allowed
list are static IPs. The other way would be to use ipsec to have an ipsec
require policy on the servers with the shares for at least the ports used
for file and print sharing and then making sure only the computers you want
to have access have a compatible ipsec policy and that the XP Pro computers
do not. Ipsec is a somewhat complex topic that requires a lot of planning,
testing, and special considerations for domain controllers. See the links
below if interested. --- Steve
http://www.microsoft.com/technet/security/topics/architectureanddesign/ipsec/default.mspx
http://support.microsoft.com/?kbid=254949 --- very important considerations
for implementing ipsec in a domain
"MrMiLo@nospam" <mcahoon@xxxxxxx> wrote in message
news:%23YeVJxUlGHA.5108@xxxxxxxxxxxxxxxxxxxxxxx
How to configure Domain access permissions for a user that would vary
based on the computer they log into?
I have a server farm consisting of all windows 2003 servers with R2
All my workstations are Windows XP professional with SP2
What I would like is to be able to limit my users access to domain shares
(specifically DFS shares) so that these shares are only accessible while
they are logged into and using one of the Terminal Servers.
I do not want these shares accessible from the XP Pro workstations.
I would like to keep the XP Pro workstations on the domain so i can
implement some GPOs.
I really do not want to limit the XP systems networking (so users can
still do in-office printer sharing, etc) with Group Policies and I would
prefer to have the user use their same login and password for both the XP
and Terminal Server logins.
Does anyone know of any way to achieve this?
Thanks
.
- Follow-Ups:
- References:
- Prev by Date: NTFS permissions not applying consistently
- Next by Date: Re: NTFS permissions not applying consistently
- Previous by thread: How to configure Domain access permissions for a user that would vary based on the computer they log into?
- Next by thread: Re: How to configure Domain access permissions for a user that would vary based on the computer they log into?
- Index(es):
Relevant Pages
|
